(54) System and method for secure peer-to-peer communication



(57) A system and method for establishing a peer-to-peer communication connection between computer programs from the same security domain, but executing in first and second computers, is disclosed. A first computer program, while executing in the first computer, sends a message to the second computer, requesting a peer-to-peer communication connection. Upon receiving the message at said second computer, the second computer determines whether a second computer program meeting predefined criteria for establishing a peer-to-peer communication connection is executing in the second computer. If so, the second computer sends to the first computer a reply message accepting the request. After receipt of the reply message by the first computer, the requested peer-to-peer communication connection between the first and second computer programs is established. In a preferred embodiment, the predefined criteria for establishing a peer-to-peer communication connection is that the first and second computer programs be from the same server computer.
Description

The present invention relates generally to establishing secure communications between two software entities, operating in separate computers or virtual machines, where the two software entities have a peer-to-peer relationship, and particularly to a system and method for establishing a communication channel between copies of an application program.
BACKGROUND OF THE INVENTION

The term "applets" is herein defined to mean computer programs and computer program fragments.

Due to security constraints, computer programs in object-oriented computer systems are usually constrained to communicate in a client-server manner. For instance, in Sun Microsystems' Java virtual machine, when a method running in a client computer requests an applet from a server computer, the browser program in the client computer marks the received applet to indicate the server from which the applet was received, and thereafter limits the information accessible to the applet to documents and other applets from the same server computer. Further, the downloaded applet is allowed by the Java virtual machine to open a communication channel to other applets on the server from which the applet was downloaded, but generally cannot open communication channels to applets in other computers.

It is the goal of embodiments of the present invention to allow two copies of a computer program running on two distinct computers or virtual machines to communicate securely. More generally, it is the goal of embodiments of the present invention to allow two programs obtained from the same security domain and executing on two different client computers to communicate securely. Typically, the two programs obtained from the same security domain will be two programs downloaded from the same server computer onto two different client computers. In many cases the two programs will be two copies of the same program downloaded onto two different client computers.

The basis for allowing such peer-to-peer connections is that sufficient security is provided when the communicating applets are both from the same server computer, because each applet would already have been allowed to open a communication channel to the server computer and therefore could have communicated indirectly with applets downloaded from the same server computer onto other client computers.

SUMMARY OF THE INVENTION 

In summary, the present invention is a system and method for establishing a peer-to-peer communication connection between computer programs from the same security domain, but executing in first and second computers. A first computer program, while executing in the first computer, sends a message to the second computer, requesting a peer-to-peer communication connection. Upon receiving the message at said second computer, the second computer determines whether a second computer program meeting predefined criteria for establishing a peer-to-peer communication connection is executing in the second computer. If so, the second computer sends to the first computer a reply message accepting the request. After receipt of the reply message by the first computer, the requested peer-to-peer communication connection between the first and second computer programs is established.

In a preferred embodiment, the predefined criteria for establishing a peer-to-peer communication connection is that the first and second computer programs be from the same server computer.

In a preferred embodiment, the reply message includes information that reliably indicates to the first computer that the second computer is executing a computer program meeting the predefined criteria for establishing a peer-to-peer communication connection.

BRIEF DESCRIPTION OF THE DRAWINGS 

Examples of the invention will be described in conjunction with the drawings, in which:

Figure 1 is a block diagram of a distributed computer system in which a preferred embodiment of the present invention is implemented.

Figure 2 is a block diagram of a client computer in a distributed computer system in accordance with a preferred embodiment of the present invention.

Figure 3 is a flow chart of the methodology of a preferred embodiment of the present invention.

DESCRIPTION OF THE PREFERRED EMBODIMENT 

Referring to Figure 1, there is shown a distributed computer system 100 that includes two client computers C1 and C2 and server computer S1. Each client computer includes a virtual machine, M1, M2, that provides the operating environment for executing a browser program such as HotJava (a product distributed by Sun Microsystems, Inc.) (not shown in Fig. 1) and for executing Java bytecode programs such as A1, A2 loaded through the use of the browser program. In the context of the present invention, the browser programs associated with virtual machines M1, M2 have been used to download program A from server S1, creating identical programs A1 and A2 in virtual machines M1 and M2, respectively.

Using standard client-server communication channels, it would be possible for applet A1 to communicate with applet A2 via the server S1 by setting up object class methods for use by the clients and server to create and maintain such communication channels. In other words, applet A1 could communicate securely with server S1 and then server S1 could communicate securely with applet A2, thereby creating a two-stage connection between applets A1 and A2.

Typically, this would be implemented using communication "sockets" in the client and server computers that would be set aside specifically for the transmission of such messages. The communication sockets would be defined by the applets and server software so that messages received from an applet executing on a client computer would be received at the server at a communication socket that is monitored by a corresponding program. The socket monitoring program in the server would then determine for each received message which other client computer to forward the message to, and what communication socket to use for that communication. While additional software logic would be required to handle all the possible communication modes and failure modes of such an arrangement, those details are well within the skill of persons skilled in the art of designing such software and furthermore are not needed to understand the present invention.

In the preferred embodiment, the applets and other programs being executed are primarily Java bytecode programs. The Java bytecode language is a "machine platform independent" programming language marketed by Sun Microsystems, Inc. Java bytecode programs are executed in conjunction with a bytecode program interpreter that forms a virtual machine. Java bytecode programs are designed so that they can be executed on any computer, regardless of the operating system and computer hardware platform of the computer, so long as a Java bytecode program interpreter is present on the computer.

Referring to Fig. 2, in a preferred embodiment the computer system 100 incorporating a preferred embodiment of the present invention will typically include a plurality of client computers 150 and one or more server computers 152 in a system of networked computers. Each client computer 150 includes a central processing unit (CPU) 160, a user interface 162, and a communications interface 164 for communication with other computers via communications network 166.

Memory 102/104, which includes both main memory 102 and persistent storage 104, stores:

• an operating system 170;

• an Internet communications manager program 172, such as the HotJava browser program;

• a Java bytecode program verifier 174 for verifying whether or not a specified program satisfies certain predefined integrity criteria;

• a Java bytecode program interpreter 176 for executing application programs;

• a class loader 178, which loads object classes into a user's address space and utilizes the bytecode program verifier to verify the integrity of the methods associated with each loaded object class;

• at least one class repository 180, for locally storing object classes 182, 184, 186 in use and/or available for use by users of the computer 102;

• at least one object repository 190 for storing objects 192, 194, which are instances of objects of the object classes stored in the object repository 182;

• a peer-to-peer communication protocol procedure 196. This procedure 196 includes: request initiating instructions 196A for sending a request message from a first computer to a second computer to request establishment of a peer-to-peer communication channel; request reply instructions 196B for responding to such a request by determining if predefined criteria for establishing a peer-to-peer communication channel are met and for sending a corresponding reply message; reply acknowledgment instructions 196C for acknowledging such a reply message; and channel establishment instructions 196D for establishing a peer-to-peer communication channel when the reply message indicates that the predefined criteria have been met.

Referring to Fig. 3, prior to execution of the peer-to-peer communication protocol 196, at least two virtual machines M1 and M2 will have downloaded copies of the same application program A (copies A1 and A2) from a server computer S1 (steps 200, 202). Alternately, the two virtual machines M1 and M2 will have downloaded copies of two different application programs from the same server computer S1. For the purposes of explaining the embodiment, we will assume that the two downloaded programs are the same, but in some embodiments of the present invention different programs from the same server will establish a peer-to-peer communication channel.

In Fig. 3 we will assume that applet A1 in virtual machine M1 initiates the process of establishing a communication connection to applet A2 in virtual machine M2 by invoking a method that causes virtual machine M1 to send a message packet P1 to virtual machine M2 requesting a peer-to-peer connection for an application identified as application A (step 204).

Virtual machine M2 receives the packet P1 and a control program that controls the operation of virtual machine M2 (e.g., the HotJava browser program executing in virtual machine M2) determines whether or not it meets predefined criteria for establishing a peer-to-peer communication connection (step 206). In a preferred embodiment the predefined criteria are that the receiving virtual machine has an applet whose server source matches the server source of the initiating applet. In addition, in the preferred embodiment there must be an applet or program executing in the receiving virtual machine that is set to receive messages on the socket or communication channel used by the initiating applet.

If virtual machine M2 does not meet the predefined peer-to-peer connection criteria, then it sends a reply packet to virtual machine M1 rejecting the request (step 210), or alternately simply ignores the request message. Otherwise, virtual machine M2 sends a reply packet P2 to virtual machine M1 accepting the request, and indicating that virtual machine M2 is running applet A2 from server S1 (step 212).

In some applications where additional security is required, or where peer-to-peer communications are to be allowed only between identical copies of the same applets, the reply packet may include evidence that packet P2 was actually sent by virtual machine M2 and that M2 really has a copy of applet A2. For instance, in this alternate embodiment the reply packet P2 includes a copy of at least a predefined portion of a unique number associated with the applet A2.

Additional security provisions, such as the use of digital signatures or the like, may be added by underlying protocol layers of the communication software used by the virtual machines, for instance so that M1 can verify that the reply packet really was sent by M2. More generally, each of the virtual machines M1 and M2, operating on corresponding client computers, will use whatever communication security measures are associated with the security domain of which they and the server S1 are members and that would normally be used for communications between those virtual machines and the server S1. However, such additional security measures are an optional part of the operating environment in which the invention may be used.

Upon receipt and processing of the reply packet P2, virtual machine M1 sends an acknowledgment message back to virtual machine M2, establishing a peer-to-peer connection between applets A1 and A2 (step 214). Thereafter, the two applets exchange messages and data (step 216) in accordance with the common security restrictions shared by the two applets.
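The handshake of Fig. 3 (steps 204 to 216), including the rejection path of step 210 and the alternate embodiment in which P2 carries a portion of the applet's unique number, as an added Python simulation that is not part of the patent. The packet field names, the socket numbers, and the use of a SHA-256 digest of the program bytes as the "unique number" are constructed assumptions.

```python
import hashlib
from dataclasses import dataclass, field

EVIDENCE_LEN = 16  # constructed: how much of the unique number P2 carries


@dataclass(frozen=True)
class Applet:
    name: str     # application identity, e.g. "A"
    server: str   # server the browser marked the applet as coming from, e.g. "S1"
    socket: int   # socket on which the applet listens for peer messages
    code: bytes   # program bytes; their digest stands in for the "unique number"

    def unique_number(self) -> str:
        return hashlib.sha256(self.code).hexdigest()


@dataclass
class VirtualMachine:
    name: str
    applets: list = field(default_factory=list)
    peers: set = field(default_factory=set)

    def request(self, applet):
        """Step 204: packet P1 asks for a peer connection for application A."""
        return {"type": "P1", "from": self.name, "app": applet.name,
                "server": applet.server, "socket": applet.socket}

    def handle_request(self, p1):
        """Steps 206-212: accept only if an applet from the same server is
        listening on the requested socket; otherwise reject (step 210)."""
        for a in self.applets:
            if a.server == p1["server"] and a.socket == p1["socket"]:
                return {"type": "P2", "from": self.name, "accept": True,
                        "app": a.name, "server": a.server,
                        "evidence": a.unique_number()[:EVIDENCE_LEN]}
        return {"type": "P2", "from": self.name, "accept": False}

    def handle_reply(self, applet, p2):
        """Step 214: check P2 against the local copy, then acknowledge."""
        if not p2["accept"] or p2["server"] != applet.server:
            return None
        # Alternate embodiment: only identical copies of the applet may connect
        if p2["evidence"] != applet.unique_number()[:EVIDENCE_LEN]:
            return None
        self.peers.add(p2["from"])
        return {"type": "ACK", "from": self.name}


def establish(m1, a1, m2):
    """Run the three-message exchange; True when both sides record the peer."""
    p2 = m2.handle_request(m1.request(a1))
    ack = m1.handle_reply(a1, p2)
    if ack is None:
        return False
    m2.peers.add(ack["from"])  # M2 learns of the connection from the ACK
    return True


def demo():
    """Constructed scenario: A1 on M1, then three candidate peers on M2."""
    a1 = Applet("A", "S1", 4000, b"applet-A-bytes")
    results = {}
    for label, peer in {"same_copy": Applet("A", "S1", 4000, b"applet-A-bytes"),
                        "other_server": Applet("A", "S2", 4000, b"applet-A-bytes"),
                        "other_code": Applet("B", "S1", 4000, b"applet-B-bytes")}.items():
        m1, m2 = VirtualMachine("M1", [a1]), VirtualMachine("M2", [peer])
        results[label] = establish(m1, a1, m2)
    return results
```

The "other_code" case passes M2's same-server check but fails M1's evidence comparison, which is the distinction the alternate embodiment draws between "same server" and "identical copy".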



Claims 

1. A method of establishing a peer-to-peer communication connection between computer programs executing in first and second computers, the steps of the method comprising:

A) a first computer program, while executing in the first computer, sending a message to the second computer, said message requesting a peer-to-peer communication connection;

B) receiving said message at said second computer, and determining whether a second computer program meeting predefined criteria for establishing a peer-to-peer communication connection is executing in said second computer;

C) when step B results in a positive determination, sending from said second computer to said first computer a reply message accepting said request; and

D) after receipt of said reply message by said first computer, establishing said requested peer-to-peer communication connection between said first and second computer programs.

2. The method of claim 1, wherein

said predefined criteria for establishing a peer-to-peer communication connection is that the first and second computer programs both have been received by said respective first and second computers from a single server computer.

3. The method of claim 1, wherein

said step D includes sending an acknowledgment of said reply message from said first computer to said second computer, whereby said second computer is informed of the establishment of said peer-to-peer communication connection.

4. The method of claim 1, wherein

said reply message includes information that reliably indicates to the first computer that said second computer is executing a computer program meeting said predefined criteria for establishing a peer-to-peer communication connection.

5. In a distributed computer system having first and second client computers and a server computer from which copies of computer programs are downloaded to said first and second client computers, said second client computer comprising:

a virtual machine with a communications procedure for receiving a message from a first computer program executing in the first computer, said message requesting a peer-to-peer communication connection;

said virtual machine's communication procedure including means for determining whether a second computer program meeting predefined criteria for establishing a peer-to-peer communication connection is executing in said second computer, and when said determination is positive for sending from said second computer to said first computer a reply message accepting said request; and

said virtual machine's communication procedure including means for establishing said requested peer-to-peer communication connection between said first and second computer programs after transmission of said reply message to said first computer.

6. The client computer of claim 5, wherein

said predefined criteria for establishing a peer-to-peer communication connection is that the first and second computer programs both have been received by said respective first and second computers from a single server computer.

7. The client computer of claim 5, wherein

said means for establishing said requested peer-to-peer communication connection is enabled upon receiving from said first computer an acknowledgment of said reply message.

8. The client computer of claim 5, wherein

said reply message includes information that reliably indicates to the first computer that said second computer is executing a computer program meeting said predefined criteria for establishing a peer-to-peer communication connection.


9. In a distributed computer system having first and second client computers and a server computer from which copies of computer programs are downloaded to said first and second client computers, said first client computer comprising:

a virtual machine with a communications procedure for sending a request message to the second computer from a first computer program executing in the first computer, said message requesting a peer-to-peer communication connection;

said virtual machine's communication procedure including means for receiving a reply message from the second computer, said reply message indicating a positive disposition when a second computer program meeting predefined criteria for establishing a peer-to-peer communication connection is executing in said second computer; and

said virtual machine's communication procedure including means for establishing said requested peer-to-peer communication connection between said first and second computer programs after receipt of said reply message by said first computer.

10. The client computer of claim 9, wherein

said predefined criteria for establishing a peer-to-peer communication connection is that the first and second computer programs both have been received by said respective first and second computers from a single server computer.

11. The client computer of claim 9, wherein

said virtual machine's communication procedure including means for sending an acknowledgment of said reply message when said reply message indicates a positive disposition;

said means for establishing said requested peer-to-peer communication connection is enabled in conjunction with the sending of said acknowledgment of said reply message.

12. The client computer of claim 9, wherein

said reply message includes information that reliably indicates to the first computer that said second computer is executing a computer program meeting said predefined criteria for establishing a peer-to-peer communication connection.
Figure 3 (flow chart box labels):

Step 200: Download applet A (copy A1) from server S1 to virtual machine M1.

Step 202: Download applet A (copy A2) from server S1 to virtual machine M2.

Step 204: Applet A1 requests peer-to-peer connection to applet A2: virtual machine M1 sends packet P1 requesting peer-to-peer connection.

Step 206: M2 receives request and determines whether requirements for peer-to-peer communication (e.g., same applet from same server) are met.

Step 212: M2 sends reply packet P2 to M1 accepting request, indicating that M2 is running applet A2 from server S1.

Step 214: M1 acknowledges packet P2, establishing peer-to-peer connection between A1 and A2.

Step 216: A1 and A2 exchange data.